Previous Topic: Defining the Audit Events That CA ControlMinder Writes to the Audit LogNext Topic: Default Audit Modes for Users and Enterprise Users


How CA ControlMinder Determines the Audit Mode for a User

The audit mode for a user specifies which audit events CA ControlMinder sends to the audit log for that user. The following process describes how CA ControlMinder determines the audit mode for a user:

  1. CA ControlMinder checks if the user's record in the USER or XUSER class has a value for the AUDIT property.

    If the user's record has a value for the AUDIT property, CA ControlMinder uses that value as the audit mode for the user.

  2. CA ControlMinder checks if the user is assigned to a profile group. If the user is assigned to a profile group, CA ControlMinder checks if the profile group's record in the GROUP class has a value for the AUDIT property.

    If the user is assigned to a profile group and the profile group's record has a value for the AUDIT property, CA ControlMinder uses that value as the audit mode for the user.

  3. CA ControlMinder checks if the user is a member of a group. If the user is a group member, CA ControlMinder checks if the group's record in the GROUP or XGROUP class has a value for the AUDIT property.

    If the user is group member and the group's record has a value for the AUDIT property, CA ControlMinder uses that value as the audit mode for the user. If the user is not a member of a group, or if the group's record does not have a value for the AUDIT property, CA ControlMinder assigns the systemwide audit mode to the user.

    Note: The user's audit mode accumulates if a user is a member of more than one group and the groups have different audit modes. The audit mode for the user is the sum of all the audit modes for the groups of which they are members.

Note: If CA ControlMinder uses the value of a group's AUDIT property to determine the audit mode for a user, and you change the group's audit mode while the user is logged in, the audit mode for the logged-in user also changes. The user does not have to log off for the change in group audit mode to take effect.

The following diagram shows how CA ControlMinder determines the audit mode for a user:

The flowchart shows the process CA ControlMinder follows to determine the audit mode for a user.

Example: Audit by Groups

User Jan is a member of Group A and Group B. Group A has an audit mode of FAIL and Group B has an audit mode of SUCCESS. Because Jan is a member of both groups, Jan has the accumulated audit mode of FAIL and SUCCESS.

More information:

How CA ControlMinder Uses Profile Groups to Determine User Properties